9 matches found
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the loadmodel function within the pmdarima/init.py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a PyFunc...
BIT-MLFLOW-2024-37054
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to inadequate input validation in the loadmodel function within mlflow/pytorch/init.py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object into a...
GHSA-GHV6-9R9J-WH4J MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37054
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37054
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37054
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...
PT-2024-27269 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow platform versions 0.9.0 and newer Description: The issue allows deserialization of untrusted data, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user's system when interacted with. Recommendations: For...